https://bugzilla.mindrot.org/show_bug.cgi?id=3415
--- Comment #3 from Christoph Anton Mitterer <[email protected]> --- Hey Darren. Uhm... I could try to build a "clean" OpenSSH with all the Debian modifications removed - but AFAICS none of those should really touch the warning about a failed MAC negotiation. In fact I do get that warning when connection to another (yet very old - and thus not supporting new MACs) OpenSSH at the university. As for my debug output... I think I just copy&pasted the wrong one from the terminal, sorry. Here's the correct one: $ sftp -vvv -P 6789 192.168.0.150 OpenSSH_8.9p1 Debian-3, OpenSSL 1.1.1n 15 Mar 2022 debug1: Reading configuration data /home/calestyo/.ssh/config debug1: /home/calestyo/.ssh/config line 226: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 6: Applying options for * debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512] debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-] debug2: resolve_canonicalize: hostname 192.168.0.150 is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/calestyo/.ssh/known_hosts' debug1: Control socket "/home/calestyo/.ssh/mux/[email protected]:6789" does not exist debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.0.150 [192.168.0.150] port 6789. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/calestyo/.ssh/id_ed25519 type 3 debug1: identity file /home/calestyo/.ssh/id_ed25519-cert type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/calestyo/.ssh/id_rsa type -1 debug1: identity file /home/calestyo/.ssh/id_rsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-3 debug1: Remote protocol version 2.0, remote software version becke-ch--ssh--s0-0-v1-0 debug1: compat_banner: no match: becke-ch--ssh--s0-0-v1-0 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.0.150:6789 as 'calestyo' debug3: rekey after 0 bytes, 3600 seconds debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent Connection closed by 192.168.0.150 port 6789 Connection closed. Connection closed > That example looks like it's using a proxycommand. Yes it does... that's the very old OpenSSH mentioned above. We cannot really upgrade that (at least not soon)... so it's not publicly in the network and only reachable via some ProxyJump (over a recent enough/secure node). I tried with -F none: $ sftp -vvv -P 6789 -F none -o GSSAPIKeyExchange=no -o [email protected] 192.168.0.150 OpenSSH_8.9p1 Debian-3, OpenSSL 1.1.1n 15 Mar 2022 debug2: resolve_canonicalize: hostname 192.168.0.150 is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/calestyo/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/calestyo/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.0.150 [192.168.0.150] port 6789. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/calestyo/.ssh/id_rsa type -1 debug1: identity file /home/calestyo/.ssh/id_rsa-cert type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/calestyo/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/calestyo/.ssh/id_ed25519 type 3 debug1: identity file /home/calestyo/.ssh/id_ed25519-cert type -1 debug1: identity file /home/calestyo/.ssh/id_ed25519_sk type -1 debug1: identity file /home/calestyo/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/calestyo/.ssh/id_xmss type -1 debug1: identity file /home/calestyo/.ssh/id_xmss-cert type -1 debug1: identity file /home/calestyo/.ssh/id_dsa type -1 debug1: identity file /home/calestyo/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-3 debug1: Remote protocol version 2.0, remote software version becke-ch--ssh--s0-0-v1-0 debug1: compat_banner: no match: becke-ch--ssh--s0-0-v1-0 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.0.150:6789 as 'calestyo' debug3: put_host_port: [192.168.0.150]:6789 debug3: record_hostkey: found key type ECDSA in file /home/calestyo/.ssh/known_hosts:31 debug3: load_hostkeys_file: loaded 1 keys from [192.168.0.150]:6789 debug1: load_hostkeys: fopen /home/calestyo/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent Connection closed by 192.168.0.150 port 6789 Connection closed. Connection closed So it doesn't seem to be my ssh config... nevertheless if you'd still need it, tell me and I'd send it to you privately it's not really that secret... nevertheless... shouldn't probably made too public as it contains some network information and so on. Thanks, Chris. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
